mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-09 08:16:58 +08:00
63b7e81e87
That tests operation under haproxy with proxy-protocol without docker. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
33 lines
624 B
INI
33 lines
624 B
INI
global
|
|
user haproxy
|
|
group haproxy
|
|
#daemon
|
|
|
|
# Default SSL material locations
|
|
#ca-base /etc/ssl/certs
|
|
#crt-base /etc/ssl/private
|
|
|
|
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
|
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option dontlognull
|
|
timeout connect 5000
|
|
timeout client 50000
|
|
timeout server 50000
|
|
|
|
frontend ssl
|
|
mode tcp
|
|
bind *:@HAPORT@
|
|
tcp-request inspect-delay 5s
|
|
tcp-request content accept if { req.ssl_hello_type 1 }
|
|
|
|
use_backend ocserv
|
|
|
|
backend ocserv
|
|
mode tcp
|
|
option ssl-hello-chk
|
|
server server-vpn @ADDRESS@:@PORT@ send-proxy-v2
|